Security Resources

The safety and security of your finances is a primary concern for GRB.  Check this page if you need to report a stolen debit card or need information on eliminating the risk of fraud.  Use the QuickLinks below to find what you need.

Lost or Stolen Cards

If your GRB debit card is lost or stolen, please contact us in one of the following ways:

  • During business hours, call 585.663.8930
  • After business hours, call 888.297.3416
  • Login to GRBonline and go to Account Options > ATM/Debit Card to deactivate online

Fraud Alerts & Resources

Protect Your Personal Information from Identity Theft

In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses. Whether you are shopping online or in stores, be mindful of common theft techniques that could put your financial future at risk.

According to the Center for Identity Management and Information Protection, follow these suggestions to help protect your personal information:

  • Always limit to whom you give your date of birth, mother’s maiden name, or other confidential information.
  • Do not be afraid to question why someone needs your personal information.
  • Minimize the amount of information you carry with you.
  • Remove old deposits slips, blank checks, and other confidential information that you do not need to carry from your wallet or purse.
  • Cancel credit cards that you don’t need.
  • Check your credit cards after each use to make sure that you have received your own credit card back after making purchases.
  • Always guard passwords and PINs.
  • Limit the information on your personal checks to your name and address.
  • If you do not have a locking mail box, consider having your new or additional checks for your checking account mailed to your bank for pickup.
  • Do not leave in your vehicle, especially in plain view, any items with personal information such as insurance cards, vehicle registration, wallets, purses, or laptops.
  • Remove from your vehicle or hide from view your garage door opener because the garage door opener and vehicle registration with your home address provides thieves with the tools needed to locate and easily enter your house while you are away.

Avoiding Business Account Fraud

To avoid fraud, you need to understand the most common way thieves target your company, your people and your systems: 

Phishing Infographic fraud protection online grb
  • CEO Fraud – Using “personal” knowledge gained by trolling social media sites and then bluffing others into completing fraudulent transactions, CEO fraud depends on victims being “too nervous” about dealing with a high-level manager’s request to verify it.  Make sure employees know managers and executives are approachable, especially when it comes to fraud. 
  • Phishing – Gone are the days when these scam emails were readily identifiable.  Today, they look legitimate and can be difficult to tell from a real one.  Verify links and sender email addresses and be cautious of any requests for proprietary information. 
  • Wire Fraud – Often part of a man-in-the-middle scam, fraudsters intercept a legitimate wire request and modify the transaction so that the money is sent to another account number.  Wire fraud can result in significant losses and can be very difficult to detect. 
  • Mobile Fraud – The immediate nature of responding on a mobile device inherently adds a level of risk for fraud.  Beware of simple technology scams like Caller ID spoofing and malware.  Slow down and verify requests.  Speed isn’t everything. 
  • ANI Spoofing – As above, this scam revolves around the fraudster spoofing Caller ID.  While not a scam in and of itself, this approach is often part of a larger effort to commit CEO fraud, etc.
  • Malware – Again, more sophistication accompanies the traditional email message with an attached file containing a virus.  Now, merely opening an email message can be enough to launch malware.  If you don’t know the person who sent you an email, be very cautious about opening it.
  • Check Scams – Today’s check scammers move fast.  They can steal and forge corporate checks and take tens of thousands of dollars before a company even knows it’s become a victim.  Make sure your checks remain locked down, reconcile your accounts daily, and institute fraud detection tools (GRB offers Positive Pay) to avoid losses.

Other Resources to Help Your Business Prevent Fraud

Cybersecurity for Small Business website hosted by the Federal Trade Commission

Protecting Small Businesses website hosted by the Federal Trade Commission

CyberCrime website hosted by the Federal Bureau of Investigation

Internet Crime Complaint (iC3) page from the Federal Bureau of Investigation

Traveling Outside the U.S. and Canada?  Let GRB Know!

grb Travel Fraud Prevention vacation

GRB currently blocks ATM and Debit card transactions originating outside the U.S. and Canada to help reduce the risk of fraud.  In order to ensure uninterrupted card access when traveling, please contact GRB prior to your trip.  We can update your account to allow ATM and debit card transactions to select countries during your travel timeframe.  This will ensure your card access remains uninterrupted. 

We feel this additional verification process will help ensure that our customers are able to remain safe and secure when using their cards.  Please contact our customer service team at 585.249.1540 or stop in at a branch to make arrangements when you travel.

If at any time you suspect your cards may have been compromised, please contact our Fraud Center at 800.237.8990.

Check Cashing Scams

Please take steps to avoid becoming the victim of a check deposit scam.  These scams are often targeted at younger accountholders with ATM and debit cards.  Fraudsters make contact with the victim (a helper), often via social media, and convince them that they need the helper’s assistance to cash a check.  The story will be good (stranded outside the country, accounts frozen, IRS threat, etc.).  Once the helper cashes the check, the fraudster asks for the helper’s ATM card and PIN number or, in a related scam, asks the helper to wire the money or buy gift cards and send them to him/her.  For their trouble, the helper is paid a finder’s fee — often up to half of the money deposited, which appears quite generous.  Unfortunately, once it is discovered that the check is fake, the helper has now become an accomplice to the crime AND is responsible for making restitution for all of the money.

To avoid becoming the victim in a check cashing scam always remember:

  1. Never let anyone use your account to facilitate a transaction, and especially if they request that you give them your ATM card and PIN, wire back funds, or purchase gift cards to pay them back. There is no legitimate reason for someone to pay or overpay you and then ask for the money back in another form.
  2. Never give out your ATM card or PIN.  Never.
  3. Be suspicious of jobs that pay your expenses using this methodology.  Secret Shopper scams are rampant.  You are “hired” as a Secret Shopper and paid in advance, via check, for your expenses.  Using those funds, you are instructed to test money transfer services like MoneyGram or Western Union or to buy gift cards and send photos of them to the fraudster.  When the check is discovered to be fraudulent, the unfortunate Secret Shopper is responsible for paying back all of the money from the fake check deposited into their account.

Fraud Prevention Service

When our systems detects potential fraud, you will be contacted in the following manner:

  • When potential fraud is detected, you will receive an automatic text notification or email notification from Genesee Regional Bank originating from the email address FRAUDCTR0879@GRBBANK.COM.  You can respond via text or you can call our Fraud Center at 800.237.8990 to confirm or deny fraud via the automated system or by speaking directly to a fraud specialist.
  • If there is no response received from you, five minutes after the email alert you will receive automatic phone calls to confirm or deny fraud.

Remember – our messages will never ask for your PIN or account number.

* The phone number for our Fraud Center is 800.237.8990. Add this number to your phone contacts and label it “GRB Fraud Center,” it will display whenever you get a call from this number.

FBI Issues Warning About “CEO Fraud”

The FBI recently released a warning about a significant increase in scams known as “CEO Fraud.” This type of fraud usually involves thieves gaining access to an executive’s email (by phishing) or impersonating the executive by using a similar email address. The thieves send emails to company employees giving the appearance of providing legitimate wire transfer instructions.

Read more from Krebs on Security

Here are some ways you can protect your accounts:

  • Educate employees that are involved in sending wire and ACH transactions
  • Incorporate verbal confirmations of such transfers into your procedures
  • Be suspicious of any emails from unfamilar or unknown sources, specifically those with links embedded. Educate employees not to click on these links
  • Be careful what your company posts on social media or your company website that specifies job descriptions/functions or hierarchical structures
  • Set up a company website domain and establish company email accounts instead of using free, web-based solutions.

Please contact your Relationship Manager or a Commercial Relationship Associate promptly or call us at 585.249.1540 if you think you may have been the victim of fraudulent activity.

Ransomware Attacks on the Rise

The American Bankers Association has released a new infographic to help customers understand, identify and protect themselves from ransomware — a type of malicious software attack that freezes computers and mobile devices until the victim pays a sum of money (ransom) to the attacker to release their files.  The FBI estimates that more than $1 billion will be lost to ransomware attacks in 2016.

To combat the threat of ransomware, consumers are encouraged to use caution when opening emails or attachments they don’t recognize, back up their files, use popup blockers to avert unwanted ads and malware and keep operating systems security software up to date. Businesses should also take proactive steps against ransomware by educating employees, managing the use of privileged accounts, having a data backup and recovery plan for all critical information and alerting law enforcement when faced with a possible attack.

Learn more about ransomware from the ABA.

Security Manager 

Effective immediately, GRB introduces Security Manager, a text-based authentication feature that verifies certain types of BillPay and Bank to Bank Transfer activity on personal (not commercial) accounts.

You will receive a pop-up message when you login to GRBonline requesting your cell phone number.  Follow the steps as prompted to enroll in Security Manager.  Once enrolled, you will receive a prompt to enter a code whenever you initiate BillPay to a new, check-based recipient or set up a transfer to a new outside bank. This provides an additional layer of security against unauthorized transfer attempts on your accounts.

Security Manager does not impact cash management customers or BillPay/Bank to Bank Transfers on GRBmobile. As with all customer information, your phone number and carrier information will not be shared, per GRB’s Privacy Policy

Please contact one of our branches if you have questions.

How GRB Protects Your Information

GRB is committed to protecting the personal information of our clients. GRBonline uses several different methods to protect users’ information, including multifactor authentication, secure tokens, and anomaly detection software. Additionally, all information within GRBonline uses the Secure Socket Layer (SSL) protocol for transferring data. SSL is a cryptosystem that create a secure environment for the information being transferred between your browser and GRB. All information transferred through GRBonlinehas 128-bit encryption; the highest level.

GRB will never request personal information by email or text message, including account numbers, passwords, personal identification, or any other confidential customer information. Fraudulent emails may be designed to appear as though they originated at GRB. DO NOT respond to any email that requests personal or confidential information and do not click on any links in such an email.

If we contact you, it will be done in a manner that protects your personal information and we will clearly identify ourselves. If you contact us, we may ask verifying questions.

Safely Managing Online Transactions for Your Business

As more and more of our financial transactions move online, fraud and identity theft are becoming an even more significant threat to financial institutions, businesses and individuals alike.  Cyber crime is always evolving and criminals are always looking for new technologies, and scams to secure information and data that can be used to attempt fraudulent activities.  Whether you are a business user or individual customers, it is important that you remain vigilant regarding your use of the online environment to conduct financial transactions.  This information is also provided to help you understand how GRB will conduct business in the event we need to contact you regarding your accounts:

The following represents GRB’s standard business practice regarding your online transactions:

GRB will never email, call, or otherwise ask you for key account information (i.e. username, password, electronic banking credentials, etc.).  No matter how “urgent” the email may seem, resist the temptation to respond to it and provide any kind of account or personal information.  If you ever have any questions about a request, please contact GRB directly.

GRB also encourages its clients to protect themselves and their identity by following best practices for online security, including:

  • Choose a secure user name password that utilizes a combination of lower and upper case letters, numbers and symbols.  It is also advisable to avoid using words from the dictionary 
  • Select different passwords for multiple accounts, don’t use the same password for everything
  • Change your passwords frequently
  • Keep your user name and password secure.  If you must write them down, avoid placing them in obvious places (under your keyboard, top desk drawer, etc.) 
  • Keep your anti-malware and anti-virus software solutions up to date and make sure all security and maintenance patches are installed in a timely manner
  • Make sure a firewall is in place when you are managing your financial transactions.  Avoid using Wi-Fi hotspots in coffee shops, restaurants, health clubs, etc. to complete financial transactions
  • Log off your accounts completely when you’re done conducting business (don’t just close the page or click on the “X”)
  • Do not allow your browser to save your login and password information for your financial accounts
  • Monitor your account activity on a regular basis and use your financial institution’s online capabilities to set up text notifications 

In addition, we recommend that business account holders conduct regular monitoring and management of their accounts for fraudulent behavior.  This could include making a list of the risks related to online transactions conducted by your business including:

  • Securing passwords that have been written down and left out in the open
  • Allowing individuals to share logins and passwords on accounts
  • Using old passwords or those that do not follow the recommended combination of letters, numbers and symbols as noted above
  • Addressing processes that lack a system of checks and balances by multiple employees
  • Failing to terminate the access rights of former employees in a timely manner
  • Allowing employees to have “solo” access to particular systems or Web sites which may make it difficult to terminate their access 
  • Lack of dual controls over individual access to online transaction capabilities including wire transfers, ACH Services, etc. 

Businesses can also reduce fraud risk by putting the following controls in place:

  • Using password-protected software solutions to house passwords
  • Designating specific computer(s) exclusively for online banking transactions
  • Training employees not to click on links or respond to requests for information in unsolicited emails.
  • Reporting any suspicion of viruses or computer performance issues to the appropriate authority at the company.
  • Conducting background checks on new – and existing – employees
  • Tracking the solutions and accounts to which each employee has access and initiating a policy and process to terminate access when they leave
  • Dividing certain responsibilities among two or more people to limit access or control by a single person
  • Setting various approval limits (i.e. by user, transaction type, etc.)
  • Conducting internal or third-party audits of your processes and controls and designate a team to take action on any findings
  • Using firewalls to protect the network from outside intrusion or hackers
  • Setting up visitor Internet and network access capabilities for vendors, partners and customers who may be on-site visiting.  Do not allow outsiders to gain direct access to your network

Federal regulations under the Electronic Fund Trasnsfer Act provide consumers with some protections for electronic fund transfers.  These federal laws establish limits on a consumer’s liability for unauthorized electronic fund transfers. They also provide specific steps you need to take to help resolve an error with your account.  Note, however, that in order to take advantage of these protections, you must act in a timely manner. Make sure you notify us immediately if you believe your access information has been stolen or compromised. Also, review your account activity and periodic statement and promptly report any errors or unauthorized transactions. See the Electronic Fund Transfer disclosures that were provided at account opening for more information on these types of protections. These disclosures are also available from GRB – ask us and we will gladly provide you with a copy.

Even though there are protections in place to help consumers, keep in mind that the disruption of fraud will still be time-consuming and require a significant amount of effort to make your accounts correct and secure again.  It is best to take steps to actively avoid giving cyber criminals the opportunity to make you a victim.

If you become aware of suspicious account activity, or receive any suspicious emails, you should immediately contact GRB at 585.249.1540.